Skip to content

Version 0.15.4

Compare
Choose a tag to compare
@lepture lepture released this 17 Jul 03:08
· 392 commits to master since this release
4570144

Security fix when JWT claims is None.

For example, JWT payload has iss=None:

{
  "iss": None,
  ...
}

But we need to decode it with claims:

claims_options = {
  'iss': {'essential': True, 'values': ['required']}
}
jwt.decode(token, key, claims_options=claims_options)

It didn't raise an error before this fix.